Communicating risk requires identifying the right language for the right audience. While your experience may be in technical systems and all of the things that can go wrong with them, trying to communicate risk in technical terms to business leaders is generally a futile endeavor. There are a couple of reasons for this:
1) Technical systems and the risk issues that go along with them typically are heavily jargon-laden and without a lot of reference points to the outside world.
2) Everybody has limited bandwidth for talking about risk. You’ve got a very narrow window in which to communicate the issues.
That second point is one of the best pieces of advice that I’ve ever received regarding communicating risk. No matter how good your message may be, there is a finite amount of tolerance that people have to discuss risk in a given discussion. Exceed that window and you’ll be able to hear the clunk as their eyes roll into the backs of their heads.
All the more reason for choosing your language carefully. So, instead of techno-speak, when talking to business leaders, speak in terms of things that are meaningful to them. Depending on your background, this preparation may require a little bit of work on your part. What information products/services (eg reports, databases, workflows, etc) do they count on to do their work? What things do they count on to look good to peers and bosses? (This one may sound childish, but it’s not. It’s got a solid foothold in Mazlow’s hierarchy of needs).
Once you’ve identified what those needs are, you can work backwards to what information systems support them and what risks are associated with those technical systems. Techno-speak with the people supporting these systems is okay, that’s their language. But when communicating risk to business people (possibly to get funding to support your risk mitigation), you’ve got to speak their language.
The Downloads page has a pdf of this graphic.